Scripted Bulk Update of FIM 2010 Groups

I’ve been required to oversee a bulk update of a few thousand users into a manually managed portal group for which the FIM Portal is authoritative. Anyone who has had to add more than a few users knows this can be a cumbersome process by hand via the UI. To avoid doing this manually through the Portal interface, I’ve thrown together a PowerShell script that reads a CSV file of users and operations (add or remove) and processes those requests against a group.

The script writes the output of each operation to the console and optionally to a log file. It is not necessarily intended to be efficient, with reliability being more important, so each user is treated as an individual request to prevent one account's failure from affecting the others. I’ve so far only tested this with about 50 accounts, and in my environment each add took a second, give or take, with no additional workflows being triggered by the update.

The script should be run under the context of a group owner from the server where the FIM Service is installed. If multiple users are matched, an error is output and that user is skipped. Currently groups are matched on DisplayName and AccountName, and users on DisplayName, AccountName or Email. These can be easily modified in the script if required.
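The per-user flow described above can be sketched as follows. This is an added example, not the author's script: the CSV column names `User` and `Operation`, the parameter and helper names, and the default service URI are assumptions. Because CSV values are interpolated into the XPath filter, it rejects values containing a single quote instead of guessing at an escape.

```powershell
# Added example, not the author's script. Assumed CSV header: User,Operation
param([Parameter(Mandatory=$true)][string]$CsvPath, [Parameter(Mandatory=$true)][string]$GroupName,
      [string]$LogPath, [string]$Uri = 'http://localhost:5725/ResourceManagementService')
if (-not (Get-PSSnapin FIMAutomation -ErrorAction SilentlyContinue)) { Add-PSSnapin FIMAutomation }

function Write-Result([string]$Message) {           # console always, log file optionally
    Write-Host $Message
    if ($LogPath) { Add-Content -Path $LogPath -Value "$(Get-Date -Format s) $Message" }
}
function ConvertTo-XPathLiteral([string]$Value) {   # refuse input that could alter the filter
    if ($Value -match "'") { throw "Value contains a single quote, handle manually: $Value" }
    return "'$Value'"
}
function Find-Resource([string]$XPath) {
    Export-FIMConfig -Uri $Uri -CustomConfig $XPath -OnlyBaseResources
}

$g = ConvertTo-XPathLiteral $GroupName
$groups = @(Find-Resource "/Group[DisplayName=$g or AccountName=$g]")
if ($groups.Count -ne 1) { throw "Expected exactly one group, found $($groups.Count)" }
$groupId = $groups[0].ResourceManagementObject.ObjectIdentifier

foreach ($row in Import-Csv -Path $CsvPath) {
    try {                                           # one request per row: a failure stays local
        $op = switch ($row.Operation.Trim().ToLower()) {
            'add'    { 'Add' }
            'remove' { 'Delete' }
            default  { throw "Unknown operation '$($row.Operation)'" }
        }
        $u = ConvertTo-XPathLiteral $row.User.Trim()
        $users = @(Find-Resource "/Person[DisplayName=$u or AccountName=$u or Email=$u]")
        if ($users.Count -ne 1) { throw "Matched $($users.Count) users, skipped" }
        $change = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportChange
        $change.Operation = $op
        $change.AttributeName = 'ExplicitMember'
        $change.AttributeValue = $users[0].ResourceManagementObject.ObjectIdentifier
        $change.FullyResolved = 1
        $change.Locale = 'Invariant'
        $import = New-Object Microsoft.ResourceManagement.Automation.ObjectModel.ImportObject
        $import.ObjectType = 'Group'
        $import.TargetObjectIdentifier = $groupId
        $import.SourceObjectIdentifier = $groupId
        $import.State = 'Put'
        $import.Changes = @($change)
        $import | Import-FIMConfig -Uri $Uri -ErrorAction Stop | Out-Null
        Write-Result "OK    $op $($row.User)"
    } catch { Write-Result "ERROR $($row.User): $($_.Exception.Message)" }
}
```

The log file doubles as an audit trail of who was added or removed and which rows were skipped, so keep it with the change record for the group.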